Re: ftp enhancements

Jean-Yves Migeon <jym%NetBSD.org@localhost> writes:
> Le 18/03/13 16:20, diro%nixsyspaus.org@localhost a écrit :
>> On Mon, Mar 18, 2013 at 11:08:25AM -0400, Greg Troxel wrote:
>>>
>>> The issue is that pkgsrc has to run on all systems. So what we really
>>> need is some mechanism to know about each platform's capability and do
>>> the right thing. It used to be that https fetch was odd, and now it
>>> isn't, so this probably needs some work.
>>
>> This was basically my next pair of questions. If we aren't currently
>> handling this in fetch.mk, could we put it on the task list for next
>> quarter? It would obsolete the necessity for FETCH_USING=curl/wget in
>> many package Makefiles for https/ftps URLs. Then, we could also add a
>> warning to pkglint to let the developer know that such an addition is
>> not necessary anymore and update the documentation to clarify this.
We don't really have task lists. But if you want to send a patch
(especially one that you've testted :-) people will look at it.
> Why is there so many packages using TLS/SSL then? Unless we provide a
> list of acceptable certificates or CAs to validate server-side certs,
> having SSL/TLS does not bring any real benefit.
It's not a question of us deciding there's benefit. You're quite right
that the whole hundred-CAs TLS situation is a bit odd. The real point
is that there are a number of packages for which the distfiles are
*only* available via https. So we have to fetch them that way.